Title :
Research and Realization of Secure Audit Mechanism Based on LSM
Author_Institution :
Sch. of Comput. Sci. & Commun. Eng., Jiangsu Univ., Zhenjiang, China
Abstract :
A secure audit mechanism (SAM) based on Linux security modules (LSM) is presented. The SAM enhances LSM's audit capability, makes the security domain of the process task structure point to a specified data structure, and adds audit hooks and hook functions to capture comprehensive audit information. Additionally, register and unregister functions are provided to implement dynamic addition and deletion of security audit modules. A buffer with a double-linked list structure is designed to address the easy loss of audit information and buffer overflow. A normal activities rule base, RVA, and its dynamic response algorithm are presented. Real-time security warning and punishment mechanisms are achieved through a constraint control algorithm and the setting of a warning threshold and a punish threshold. An audit log format based on efficiency is designed, and five kinds of basic query are provided to achieve effective log storage and query. The test results indicate that the mechanism has better security and running performance, has less influence on the kernel, and adapts to kernel upgrades.
Keywords :
Linux; dynamic response; operating systems (computers); security of data; LSM; Linux security modules; audit hooks; audit log format; buffer; constraint control algorithm; data structure; double-linked list structure; hook functions; log storage; query; real-time security warning; register functions; secure audit mechanism; Computer science; Computer security; Data security; Data structures; Information security; Kernel; Linux; Monitoring; Operating systems; Safety;
Conference_Title :
Management and Service Science, 2009. MASS '09. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-4638-4
Electronic_ISBN :
978-1-4244-4639-1
DOI :
10.1109/ICMSS.2009.5304261